←back to thread

A New Future for Icanhazip

(major.io)
980 points nkcmr | 1 comments | 06 Jun 21 19:21 UTC | HN request time: 0.202s | source
Show context
andrewmcwatters ◴[06 Jun 21 22:11 UTC] No.27416836[source]
Reminds me of `echo $(dig @ns1.google.com o-o.myaddr.l.google.com TXT +short | tr -d \")`. I have no idea where this DNS query came from, because searching all of Google turns up nothing but https://github.com/GoogleCloudPlatform/cloud-self-test-kit/b..., which is never referenced by anyone. I had to track it down myself for a bootstrap.sh, but I don't like using undocumented sources for critical infrastructure.

My use case was needing to set the result of `hostname -f` in /etc/hosts in an automated fashion if a VPS provider didn't already add a line for the public Internet address in that file. You need to do this so that sendmail doesn't fail on `apt install` when it attempts to read your FQDN. So I couldn't use the NGINX example posted elsewhere here.

It seems like https://checkip.amazonaws.com/ is much more "reliable" in that it is publicly documented at https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/s....

To anyone who needs to read this: please don't use "services" like icanhazip for your provisioning. Even my examples above are bad.

It does strike me as weird that there is seemingly no POSIX-compliant way to get your public Internet address, from my readings.

Edit: Oh goodness... even Amazon's documentation recommends using Google's undocumented DNS query.[1]

[1]: https://aws.amazon.com/premiumsupport/knowledge-center/route...

replies(6): >>27417302 #>>27417564 #>>27418095 #>>27418333 #>>27418679 #>>27420016 #
1. gnopgnip ◴[07 Jun 21 01:39 UTC] No.27418095[source]
dig myip.opendns.com resolver1.opendns.com is another option